DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a Non-Final Office Action in response to the communication filed on June 25, 2019.
Claims 1-20 have been examined.


Drawings
The drawings filed on June 25, 2019 are acceptable for examination proceedings.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on June 25, 2019 was filed after the mailing date of the application 16/451235 on June 25, 2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting 
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1-4, 6, 8-10, 13, 15-17, and 19 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-5, 7-11, 13, and 15-17 of U.S. Patent No. 10,382,413. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations of claims 1-4, 6, 8-10, 13, 15-17, 
Application No. 16/451235
Patent No. 10,382,413
1. A method comprising: 
at a trusted server, receiving a request for an activation code for a client device, the activation code comprising an identifier associated with the trusted server and a one-time password; 

obtaining the identifier from a public server that associates the identifier with the trusted server; generating the one-time password; 

combining the one-time password with the identifier to create the activation code; 

providing the activation code to a provisioning client that presents the activation code to the client device; 

securing a communication session with the client device using the one-time password as a shared secret; 

and downloading trusted cryptographic information to the client device.
1. A method comprising: 
at a client device, generating a one time password; 

combining the one time password with an identifier to create an activation code; 

sending a message to a public server, the message comprising a request for an address of a trusted server associated with the identifier; 

(combining the one time password with an identifier to create an activation code);

providing the activation code to a provisioning client that notifies the public server to associate the address of the trusted server with the identifier; 

receiving the address of the trusted server from the public server; 
initiating a communication session with the trusted server at the address of the trusted server provided by the public server, 

wherein the one time password is used as a shared secret to secure the communication session; 

and downloading trusted cryptographic information from the trusted server

5. The method of claim 1, further comprising: requesting the identifier from the public server; and receiving the identifier at the client device from the public server.
3. The method of claim 1, wherein obtaining the identifier comprises: sending a request for the identifier to the public server; and receiving the identifier from the public server, wherein the identifier is a random number generated by the public server in response to the request for the identifier.
2. The method of claim 1, wherein the identifier is a random number generated by the public server in response to a request for the identifier.
4. The method of claim 1, wherein the communication session is secured according to a Password Authenticated Key Exchange (PAKE) protocol using the one-time password as the shared secret in the PAKE protocol.
3. The method of claim 1, wherein the communication session is secured according to a Password Authenticated Key Exchange (PAKE) protocol using the one time password as the shared secret in the PAKE protocol.
5. The method of claim 4, wherein the PAKE protocol securing the communication session between the trusted server and the client device is proxied via the public server.

6. The method of claim 1, wherein the client device and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.
4. The method of claim 1, wherein the client device and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.
7. The method of claim 6, wherein the trusted cryptographic information includes trust anchors for the first trust boundary.

8. An apparatus comprising: a network interface unit that enables network communications; and a processor, coupled to the network interface unit, and configured to: at a trusted server, receive via the network interface unit a request for an activation code for a client device, the activation code comprising an identifier associated with the trusted server and a one-time password; obtain the identifier from a public server that associates the identifier with the trusted server; generate the one-time password; combine the one-time password with the identifier to create the activation code; provide the 


11. The apparatus of claim 7, wherein the processor is further configured to: request the identifier from the public server; and receive the identifier from the public server via the network interface unit.
10. The apparatus of claim 8, wherein the processor is configured to obtain the identifier by: causing the network interface unit to send a request for the identifier to the public server; and receive the identifier from the public server via the network interface unit, wherein the identifier is a random number generated by the public server in response to the request for the identifier.
8. The apparatus of claim 7, wherein the identifier is a random number generated by the public server in response to a request for the identifier.
11. The apparatus of claim 8, wherein the processor is configured to secure the communication session according to a Password Authenticated Key Exchange (PAKE) protocol using the one-time password as the shared secret in the PAKE protocol.
9. The apparatus of claim 7, wherein the processor is configured to secure the communication session according to a Password Authenticated Key Exchange (PAKE) protocol using the one time password as the shared secret in the PAKE protocol.
12. The apparatus of claim 11, wherein the PAKE protocol securing the communication session between the trusted server and the client device is proxied via the public server.

13. The apparatus of claim 8, wherein the client device and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.
10. The apparatus of claim 7, wherein the apparatus and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.
14. The apparatus of claim 13, wherein the processor is configured to include trust anchors for the first trust boundary in the trusted cryptographic information.


13. A system comprising: a trusted server configured to store cryptographic information; a provisioning client configured to communicate with a public server to associate an identifier with the trusted server; and a client device configured to: generate a one time password; combine the one time password with the identifier to create an activation code send a message to the public server, the message comprising a request for an address of the trusted server; provide the activation code to the provisioning client; receive the address of the trusted server from the public server; initiate a communication session with the trusted server at the address of the trusted server provided by the public server, wherein the one time password is used as a shared secret to secure the communication session; and download the cryptographic information from the trusted server.
16. The system of claim 15, wherein the trusted server is further configured to notify the public server to release the identifier from being associated with the trusted server.
17. The system of claim 13, wherein the client device is further configured to: request the identifier from the public server; and receive the identifier from the public server.
17. The system of claim 15, wherein the client device and the trusted server are configured to secure the communication session according to a Password Authenticated Key Exchange (PAKE) protocol using the one time password as the shared secret in the PAKE protocol.
15. The system of claim 13, wherein the client device and the trusted server are configured to secure the communication session according to a Password Authenticated Key Exchange (PAKE) protocol using the one time password as the shared secret in the PAKE protocol.
18. The system of claim 17, wherein the PAKE protocol securing the communication session between the trusted server and the client device is proxied via the public server.

19. The system of claim 15, wherein the client device and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.
16. The system of claim 13, wherein the client device and the trusted server are within a first trust boundary and the public server is outside of the first trust boundary.




Claims 1-5, 7-11, 13, and 15-17 of Patent No. 10,382,413 contain every element of claims 1-4, 6, 8-10, 13, 15-17, and 19 of the instant application and thus anticipate the claims of the instant application. Claims of the instant application therefore are not patentably distinct from the earlier patent claims and as such are unpatentable under obviousness-type double patenting. A later application/patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Accordingly, absent a terminal disclaimer, claims 1-4, 6, 8-10, 13, 15-17, and 19 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).


Allowable Subject Matter
Claims 1-20 would be allowable if rewritten or amended to overcome the rejection(s) under Double Patenting, set forth in this Office action.
The following is an examiner’s statement of reasons for allowance: 
Regarding independent claims 1, 8, and 15:
The closest prior art, Clark et al. (U.S. Patent Application Publication No.: US 2011/0314462 A1 [provided by the applicant]), discloses obtaining bootstrap information, i.e., an “activation code”, comprising the identity of the DM Server, i.e., an “identifier”, and cryptographic keys, i.e., a “one time password” (Clark: Para 0027).
The second closest prior art Chung-Nan Tien (U.S. Patent Application Publication No.: US 2010/0175120 [provided by the applicant]) discloses securing communication session a server using an OTP as a shared secret (Tien: Para 0042).

The third closest prior art Varadarajan (US 2011/0113245 A1) discloses:
“…generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm an user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as an machine effective speed calibration (MESC), or other datum. The OTP may be used for 

However, the prior arts, alone or in combination, fail to teach or suggest the claimed limitation of independent claims 1, 8, and 15 “...obtaining the identifier from a public server that associates the identifier with the trusted server; 
generating the one-time password; 
combining the one-time password with the identifier to create the activation code; 
providing the activation code to a provisioning client that presents the activation code to the client device” along with the other limitations of independent claims 1, 8, and 15.
For this reason, the specific claim limitations recited in the independent claims 1, 8, and 15, taken as a whole, are allowed.
The dependent claims 2-7, 9-14 and 18-20 which are dependent on the above independent claims 1, 8, and 15 being further limiting to the independent claim, definite and enabled by the specification are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Given et al. (U.S. Patent No.: US 6560711 B1) discloses:
	… integrating a dynamic token generator into a mobile device, … apparatus may generate an OTP. Then, the application may enter the OTP into a website field. In doing so, the apparatus may relieve a user from having to type an OTP into an application. The apparatus may also maintain the security aspects of an OTP but relieve a user from typing token activation information i.e., information that is needed to register an OTP seed application into the application by using a self-reading quick response ("QR") code. An OTP seed application may be an application which generates one-time passwords (Para 0013).

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/SAMSON B LEMMA/Primary Examiner, Art Unit 2498